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IN THE CLAIMS 

Please add claims 25-28. 

Please amend claims 1-3, 6, 9-15, 18, and 21-24 as follows: 

1. (Currently Amended) A public key infrastructure (PKI) comprising: 
a subject; 

a certificate authority issuing a first unsigned certificate to the subject , the first 
certificate including that associatos a public key of the subject^ te-long-term identification 
information related to the subject, and meta-data related to the first certificate, wherein the 
first certificate is not signed by the ceitificate authority, the certificate authority maintaining a 
database of records representing issued unsigned certificates in which it stores a record 
representing the first unsigned certificate, wherein the issued unsigned certificates are valid 
until at least one of revoked by the certificate authority and eixpired; and . 

a verifier maintaining a hash table containing cryptographic hashes^ of valid unsigned 
certificates corresponding to the records stored in the database and including a cryptographic 
hash of the first unsigned certificate, wherein the subject presents the issued first unsigned 
certificate to the verifier for authentication and demonstrates that the subject has knowledge 
of a private key corresponding to the public key in the first unsigned certificate. 

2. (Currently Amended) The PKI of claim 1 wherein the first unsigned certificate 
includes an expiration date/time. 

3. (Currently Amended) The PKI of claim 1 wherein the first unsigned certificate does 
not include an expiration date/time. 

4. (Original) The PKI of claim 1 wherein the private key is stored in a smartcard 
accessible by the subject. 

5. (Original) The PKI of claim 1 wherein the private key is stored in a secure software 
wallet accessible by the subject. 
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6. (Currently Amended) The PKI of claim 1 wherein the verifier computes the 
cryptographic hash of the first unsigned certificate with a colHsion-resistant hash function. 

7. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a SHA- 
1 hash function. 

8. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a MD5 
hash function. 

9. (Currently Amended) The PKI of claim 1 wherein the certificate authority and the 
verifier operate to revoke the first unsigned certificate when the association of the subj e ct's 
public key to at least a portion of the long-term identification information related to the 
subject becomes invali d no longer applies to the subject . 

10. : (Currently Amended) The PKI of claim 91 wherein the certificate authority and the 
verifier perform #^a revocation protocol to revoke the first unsigned certificate when at least 
one of the private key is comprised and at least a portion of the long-term identification 
infoiTnation related to the subject no longer applies to the subject , the revocation protocol 
including: 

the certificate authority retrieving a record representing the first unsigned certificate 
from the database and obtaining a cryptographic hash of the first unsigned certificate; 

the certificate authority sending a message to verifier containing the cryptographic 
hash of the first unsigned certificate and requesting that the verifier remove the corresponding 
cryptographic hash of the first unsigned certificate from its hash table; 

the verifier removing the cryptographic hash of the first unsigned certificate from its 
hash table and notifying the certificate authority that it has removed the cryptographic hash of 
the first unsigned certificate from its hash table; and 

the certificate authority collecting the notification sent by the verifier. 

1 1 . (Currently Amended) The PKI of claim 10 wherein the revocation protocol includes 
the certificate authority marking the record of the first unsigned certificate in the database as 
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being invalid, for auditing purposes. 

12. (Currently Amended) The PKI of claim 10 wherein the revocation protocol includes 
the certificate authority deleting the record representing the first unsigned certificate from the 
database. 

13. (Currently Amended) A method of authenticating a subject to a verifier in a public 
key infrastructure (PKI), the method comprising the steps of: 

issuing a first unsign e d certificate from a certificate authority to the subject , the first 
certificate including that associat e s a public key of the subject, te-long-term identification 
information related to the subjec t, and meta-data related to the first certificate, wherein the 
first certificate is not signed by the certificate authority ; 

maintaining, at the certificate authority, a database of records representing issued 
unsigned certificates that are valid until at least one of revoked by the certificate authority 
and expired; ' 

storing a record representing the first unsigned certificate in the database; 

maintaining, at the verifier, a hash table containing cryptographic hashes of valid 
unsigned certificates corresponding to the records stored in the database and including a 
cryptographic hash of the first unsigned certificate; 

presenting the issued first unsigned certificate from the subject to the verifier for 
authentication; 

demonstrating, by the subject, that the subject has knowledge of a private key 
corresponding to the public key in the unsigned first certificate. 

14. (Currently Amended) The method of claim 13 wherein the first unsigned certificate 
includes an expiration date/time. 

15. (Currently Amended) The method of claim 13 wherein the first unsigned certificate 
does not include an expiration date/time. 

16. (Original) The method of claim 13 further comprising the step of: 
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Storing the private key in a smaitcard accessible by the subject. 

17. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a secure software wallet accessible by the subject. 

18. (Currently Amended) The method of claim 13 further comprising the step of: 
computing, by the verifier, the cryptographic hash of the first unsigned certificate with 

a collision-resistant hash function. 

19. (Original) The method of claim 18 wherein the collision-resistant hash function is a 
SHA-1 hash function. 

20. (Original) The method of claim 18 wherein the collision-resistant hash function is a 
MD5 hash function. 

21. (Currently Amended) The method of claim 13 further comprising the step of: 
revoking the first unsigned certificate when the association of the subject's public key 

te at least a portion of the long-term identification information related to the subject b e com e s 
invalid no longer applies to the subject . 

22. (Currently Amended) The method of claim 21 wherein the r e voking step includes the 
steps o f 13 further comprising revoking the first certificate when at least one of the private 
key is comprised and at least a portion of the long-term identification information related to 
the subject no longer applies to the subject, the revoking including : 

retrieving the record representing the first unsigned certificate from the certificate 
database and obtaining a cryptographic hash of the first unsigned certificate; 

sending a message from certificate authority to verifier containing the cryptographic 
hash of the first unsign e d certificate; 

requesting that the verifier remove the corresponding cryptographic hash of the first 
unsigned certificate from its hash table; 

removing the cryptographic hash of the first unsigned certificate from the hash table; 



6 



Amendment and Response and Examiner Interview Summary 

Applicant: Francisco Corel la 

Serial No.: 09/483,186 

Filed: January 14, 2000 

Docket No.: 10001559-1/H300.126.101 

Title: LIGHTWEIGHT PUBLIC KEY INFRASTRUCTURE EMPLOYING UNSIGNED CERTIFICATES 

notifying the certificate authority that the cryptographic hash of the first unsigned 
certificate is removed from the hash table; and 

collecting, at the certificate authority, the notification sent in the notifying step. 

23. (Currently Amended) The method of claim 22 wherein the revoking step further 
includes: 

marking the record representing the first unsign e d certificate in the database as being 
invalid, for auditing purposes. 

24. (Currently Amended) The method of claim 22 wherein the revoking step further 
includes: 

deleting the record representing the first unsign e d certificate from the database. 

25. (New) The PKI of claim 1 wherein the meta-data includes at least one of a serial 
number of the first certificate and a name of the certificate authority. 

26. (New) The PKI of claim 1 wherein the long-term identification information related to 
the subject includes at least one of the subjects' name and a number identifying the subject. 

27. (New) The PKI of claim 1 wherein the certificate authority and the verifier operate to 
revoke the first certificate when the private key corresponding to the public key in the first 
certificate is compromised. 

28. (New) The method of claim 13 further comprising: 

revoking the first certificate when the private key corresponding to the public key in 
the first certificate is compromised. 
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